WO2003090050A3 - System and method for detecting malicicous code - Google Patents

Publication number
WO2003090050A3
Authority
WO
WIPO (PCT)
Prior art keywords
code
computer readable
detecting
malicicous
readable code
Prior art date
Application number
PCT/US2003/011246
Other languages
French (fr)
Other versions
WO2003090050A2 (en)
Inventor
Itshak Carmona
Taras Malivanchuk
Original Assignee
Computer Ass Think Inc
Priority date
Filing date
Publication date
Application filed by Computer Ass Think Inc filed Critical Computer Ass Think Inc
Priority to KR10-2004-7016323A priority Critical patent/KR20040101460A/en
Priority to CA002480867A priority patent/CA2480867A1/en
Priority to JP2003586727A priority patent/JP2005522800A/en
Priority to AU2003234720A priority patent/AU2003234720A1/en
Priority to EP03728376A priority patent/EP1495395B1/en
Priority to DE60326827T priority patent/DE60326827D1/en
Publication of WO2003090050A2 publication Critical patent/WO2003090050A2/en
Priority to IL16450204A priority patent/IL164502A0/en
Publication of WO2003090050A3 publication Critical patent/WO2003090050A3/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/565 Static detection by checking file integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Small-Scale Networks (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Radar Systems Or Details Thereof (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method of detecting malicious code in computer readable code includes performing an initial determination to determine whether a first portion of the computer readable code may potentially have malicious code and, if it is determined that the computer readable code potentially has malicious code, performing another determination to determine whether a second portion not including the first portion of the computer readable code has malicious code.
PCT/US2003/011246 2002-04-13 2003-04-10 System and method for detecting malicicous code WO2003090050A2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
KR10-2004-7016323A KR20040101460A (en) 2002-04-13 2003-04-10 System and method for detecting malicious code
CA002480867A CA2480867A1 (en) 2002-04-13 2003-04-10 System and method for detecting malicious code
JP2003586727A JP2005522800A (en) 2002-04-13 2003-04-10 System and method for detecting malicious code
AU2003234720A AU2003234720A1 (en) 2002-04-13 2003-04-10 System and method for detecting malicicous code
EP03728376A EP1495395B1 (en) 2002-04-13 2003-04-10 System and method for detecting malicicous code
DE60326827T DE60326827D1 (en) 2002-04-13 2003-04-10 SYSTEM AND METHOD FOR RECOGNIZING ANNOUNCED CODE
IL16450204A IL164502A0 (en) 2002-04-13 2004-10-11 System and method for detecting malicious code

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US37228302P 2002-04-13 2002-04-13
US60/372,283 2002-04-13
US37247302P 2002-04-15 2002-04-15
US60/372,473 2002-04-15

Publications (2)

Publication Number Publication Date
WO2003090050A2 WO2003090050A2 (en) 2003-10-30
WO2003090050A3 true WO2003090050A3 (en) 2004-10-14

Family

ID=29254481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/011246 WO2003090050A2 (en) 2002-04-13 2003-04-10 System and method for detecting malicicous code

Country Status (11)

Country Link
US (1) US7676842B2 (en)
EP (1) EP1495395B1 (en)
JP (1) JP2005522800A (en)
KR (1) KR20040101460A (en)
CN (1) CN1647007A (en)
AT (1) ATE426858T1 (en)
AU (1) AU2003234720A1 (en)
CA (1) CA2480867A1 (en)
DE (1) DE60326827D1 (en)
IL (1) IL164502A0 (en)
WO (1) WO2003090050A2 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7203964B1 (en) * 2003-10-07 2007-04-10 Elmer V. Pass Method of stopping internet viruses
US7721334B2 (en) 2004-01-30 2010-05-18 Microsoft Corporation Detection of code-free files
US7484247B2 (en) 2004-08-07 2009-01-27 Allen F Rozman System and method for protecting a computer system from malicious software
US7640587B2 (en) * 2005-03-29 2009-12-29 International Business Machines Corporation Source code repair method for malicious code detection
US7725735B2 (en) * 2005-03-29 2010-05-25 International Business Machines Corporation Source code management method for malicious code detection
US7591016B2 (en) * 2005-04-14 2009-09-15 Webroot Software, Inc. System and method for scanning memory for pestware offset signatures
US7571476B2 (en) * 2005-04-14 2009-08-04 Webroot Software, Inc. System and method for scanning memory for pestware
US7349931B2 (en) 2005-04-14 2008-03-25 Webroot Software, Inc. System and method for scanning obfuscated files for pestware
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US20080134326A2 (en) * 2005-09-13 2008-06-05 Cloudmark, Inc. Signature for Executable Code
US8255992B2 (en) * 2006-01-18 2012-08-28 Webroot Inc. Method and system for detecting dependent pestware objects on a computer
US8713686B2 (en) * 2006-01-25 2014-04-29 Ca, Inc. System and method for reducing antivirus false positives
FR2898704B1 (en) * 2006-03-14 2008-06-06 Proton World Internatinal Nv PROTECTION OF A PROGRAM AGAINST A DISRUPTION
CN100461197C (en) * 2006-05-16 2009-02-11 北京启明星辰信息技术有限公司 Automatic analysis system and method for malicious code
US8190868B2 (en) 2006-08-07 2012-05-29 Webroot Inc. Malware management through kernel detection
US8601451B2 (en) * 2007-08-29 2013-12-03 Mcafee, Inc. System, method, and computer program product for determining whether code is unwanted based on the decompilation thereof
CN101304409B (en) * 2008-06-28 2011-04-13 成都市华为赛门铁克科技有限公司 Method and system for detecting malice code
US20100037062A1 (en) * 2008-08-11 2010-02-11 Mark Carney Signed digital documents
US11489857B2 (en) 2009-04-21 2022-11-01 Webroot Inc. System and method for developing a risk profile for an internet resource
GB2471716A (en) * 2009-07-10 2011-01-12 F Secure Oyj Anti-virus scan management using intermediate results
US9392005B2 (en) 2010-05-27 2016-07-12 Samsung Sds Co., Ltd. System and method for matching pattern
KR102029465B1 (en) * 2011-11-17 2019-10-08 삼성에스디에스 주식회사 Searching and pattern matching engine and terminal apparatus using the same and method thereof
CN104217165B (en) * 2014-09-16 2016-07-06 百度在线网络技术(北京)有限公司 The processing method of file and device
JP7099165B2 (en) * 2018-08-20 2022-07-12 コニカミノルタ株式会社 Image forming device and virus check method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5454000A (en) * 1992-07-13 1995-09-26 International Business Machines Corporation Method and system for authenticating files
US6021510A (en) * 1997-11-24 2000-02-01 Symantec Corporation Antivirus accelerator
WO2000028420A1 (en) * 1998-11-09 2000-05-18 Symantec Corporation Antivirus accelerator for computer networks
EP1043659A2 (en) * 1999-04-09 2000-10-11 Konami Co., Ltd. File signature check

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5509120A (en) * 1993-11-30 1996-04-16 International Business Machines Corporation Method and system for detecting computer viruses during power on self test
ATE183592T1 (en) * 1994-06-01 1999-09-15 Quantum Leap Innovations Inc COMPUTER VIRUS TRAP
US5684875A (en) * 1994-10-21 1997-11-04 Ellenberger; Hans Method and apparatus for detecting a computer virus on a computer
US6577920B1 (en) * 1998-10-02 2003-06-10 Data Fellows Oyj Computer virus screening
US6922781B1 (en) * 1999-04-30 2005-07-26 Ideaflood, Inc. Method and apparatus for identifying and characterizing errant electronic files
GB2353372B (en) * 1999-12-24 2001-08-22 F Secure Oyj Remote computer virus scanning
US7328349B2 (en) * 2001-12-14 2008-02-05 Bbn Technologies Corp. Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses
GB2364404B (en) * 2000-07-01 2002-10-02 Marconi Comm Ltd Method of detecting malicious code
GB2365158A (en) * 2000-07-28 2002-02-13 Content Technologies Ltd File analysis using byte distributions
US7231440B1 (en) * 2000-12-18 2007-06-12 Mcafee, Inc. System and method for distributing portable computer virus definition records with binary file conversion
US7421587B2 (en) * 2001-07-26 2008-09-02 Mcafee, Inc. Detecting computer programs within packed computer files
US7143113B2 (en) * 2001-12-21 2006-11-28 Cybersoft, Inc. Apparatus, methods and articles of manufacture for securing and maintaining computer systems and storage media

Also Published As

Publication number Publication date
EP1495395A2 (en) 2005-01-12
WO2003090050A2 (en) 2003-10-30
ATE426858T1 (en) 2009-04-15
US20030217286A1 (en) 2003-11-20
JP2005522800A (en) 2005-07-28
KR20040101460A (en) 2004-12-02
CA2480867A1 (en) 2003-10-30
IL164502A0 (en) 2005-12-18
US7676842B2 (en) 2010-03-09
CN1647007A (en) 2005-07-27
AU2003234720A1 (en) 2003-11-03
EP1495395B1 (en) 2009-03-25
DE60326827D1 (en) 2009-05-07

Similar Documents

Publication Publication Date Title
WO2003090050A3 (en) System and method for detecting malicicous code
WO2005052763A8 (en) System for automatically integrating a digital map system
WO2002033525A3 (en) A method and system for detecting rogue software
WO2004051444A3 (en) Providing a secure execution mode in a pre-boot environment
EP1189185A3 (en) Trusted system
AU2001240137A1 (en) Method and system for detecting viruses on handheld computers
WO2006047566A3 (en) Enhanced contextual user assistance
WO2008068450A3 (en) Improvements in resisting the spread of unwanted code and data
WO2005098609A8 (en) A method and system for character recognition
GB2397910B (en) Methods and apparatus for rapidly activating inactive components in a computer system
WO2004072777A3 (en) Method, system and computer program product for security in a global computer network transaction
TW200512607A (en) System and method automatically activating connection to network
WO2005008417A3 (en) Method and system for protecting against computer viruses
WO2005013121A3 (en) Inter-processsor interrupts
WO2003073243A3 (en) Embedded processor with direct connection of security devices for enhanced security
WO2003069518A3 (en) Method, software application and system for exchanging benchmark data
WO2004097602A3 (en) A method of, and system for, heuristically determining that an unknown file is harmless by using traffic heuristics
WO2004015388A3 (en) Subsystem based optical interrogation of sample
WO2005017664A3 (en) Methods and systems for providing benchmark information under controlled access
TW200504527A (en) Certifying method, certifying device, and computer readable storing medium
WO2005017663A3 (en) Methods and systems for providing benchmark information under controlled access
WO2005008393A3 (en) A system for processing documents and associated ancillary information
WO2004066071A3 (en) Run time code integrity checks
WO2004109471A3 (en) System and method for voice activating web pages
WO2005003972A3 (en) Method for checking the safety and reliability of a software-based electronic system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 200407591

Country of ref document: ZA

WWE Wipo information: entry into national phase

Ref document number: 2830/DELNP/2004

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2003234720

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2003728376

Country of ref document: EP

Ref document number: 2480867

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 1020047016323

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 20038083655

Country of ref document: CN

Ref document number: 2003586727

Country of ref document: JP

WWP Wipo information: published in national office

Ref document number: 1020047016323

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2003728376

Country of ref document: EP

ENPW Started to enter national phase and was withdrawn or failed for other reasons

Ref document number: PI0309064

Country of ref document: BR

Free format text: APPLICATION WITHDRAWN BECAUSE ENTRY INTO THE NATIONAL PHASE COULD NOT BE ACCEPTED, HAVING BEEN UNTIMELY. THE DEADLINE FOR ENTRY INTO THE NATIONAL PHASE EXPIRED ON 13.12.2003 (20 MONTHS - BR DESIGNATED ONLY), ELECTION NOT PROVEN, AND THE PURPORTED ENTRY INTO THE NATIONAL PHASE ONLY OCCURRED ON 07.10.2004.